Re: Other possible protection against RST/SYN attacks (was Re: TCP RST attack
From: Tillman Hodgson (tillman_at_seekingfire.com)
Date: Wed, 21 Apr 2004 15:44:45 -0600 To: firstname.lastname@example.org
On Wed, Apr 21, 2004 at 05:18:26PM -0400, Gary Corcoran wrote:
> Charles Swiger wrote:
> >The default TTL gets decremented with every hop, which means that a
> >packet coming in with a TTL of 255 had to be sent by a directly
> >connected system. [ip_ttl is an octet, so it can't hold a larger TTL
> Huh? 255-- == 254, not 0. A TTL of 255 just allows the maximum possible
> number of hops, before being declared hopelessly lost.
Exactly -- if you see an incoming packet with a TTL of 255, it must've
originated on a directly connected system /or it would've already been
decremented to 254 or lower/.
-- "Beware of he who would deny you information, for in his heart he dreams himself your master."
- application/pgp-signature attachment: stored